Cyber threats remain a key operational concern for banks, which are otherwise experiencing “near-historic” capital and liquidity highs and improved returns on equity, according to the Office of the Comptroller of the Currency (the “OCC”). The regulator published its Fall 2017 Semiannual Risk Perspective on January 18th, stating that “operational risk remains elevated as banks adopt business models, transform technology and operating processes, and respond to increasing cybersecurity threats.” This conclusion is not new—since its … Continue Reading

Companies and law enforcement are increasingly turning to white hat hackers for help. The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands of dollars to find vulnerabilities in their systems. Davis Polk’s recent cybersecurity webcast discusses why companies are using pools of white hat hackers for certain … Continue Reading

Today marks the first deadline for entities regulated by the New York Department of Financial Services (“NYDFS”) to comply with certain provisions of the recent NYDFS cybersecurity rules. The NYDFS cybersecurity rules taking effect is a significant event for NYDFS-regulated entities, and for any company facing cybersecurity concerns. The unique combination of (1) concrete cybersecurity requirements (e.g., access controls), (2) a senior-level certification obligation, and (3) the 72-hour notice requirement, will likely have a … Continue Reading

Earlier this month, HBO disclosed that it is the latest victim of cyber breach extortion, which involves criminals hacking into a company’s computer system, extracting sensitive information (e.g., emails of executives) or valuable intellectual property (e.g., unreleased television scripts or episodes), and then threatening to make the information public if a ransom is not paid, usually in Bitcoin. In the HBO case, the hackers claim that this is their 17th target and that all … Continue Reading

With about a month to go until the first set of NYDFS’s cybersecurity rules go into effect (on August 28, 2017), we are proud to announce the formal launch of the Davis Polk Cyber Breach Center. The blog will help you keep pace with industry best practices and be aware of your company’s cybersecurity obligations, including those relating to the NYDFS rules. Aside from posts about developments in cybersecurity, the blog includes information about … Continue Reading

When the New York Department of Financial Services (“NYDFS”) issued its new cybersecurity rules in March, one question came up frequently: When are covered entities required to report an unsuccessful cyber attack? The rules provide that notification must be made to the NYDFS within 72 hours from a determination that a cybersecurity event has occurred that has a reasonable likelihood of materially harming normal operations, and the definition of a cybersecurity event includes an unsuccessful … Continue Reading

In a Risk Perspective released on July 7, 2017, the Office of the Comptroller of the Currency (“OCC”) emphasized the need for institutions to be cyber resilient – i.e., be able to respond to cyber attacks by managing various risks. Acting Comptroller Keith Noreika noted in a speech on the same day that “[e]ffective risk management promotes timely detection, response and escalation of operational issues to reduce customer impact due to product failures, possible fraud, … Continue Reading

Topics

Archives

Subscribe by Email

RELATED PROFESSIONALS

Mr. Gesser is a partner in Davis Polk’s Litigation Department. He represents clients in a wide range of cybersecurity issues, including compliance with various cybersecurity regulations, cybersecurity governance issues, cloud migration, data minimization, and cybersecurity risk disclosures. Mr. Gesser also counsels companies who have experienced cyber events by coordinating with experts to conduct investigations; communicating with regulators, law enforcement, insurers and auditors; assessing various federal, state and international regulatory disclosure obligations; and representing the companies in related civil litigation and regulatory investigations. He previously served as the Counsel to the Chief of the Justice Department, Criminal Division’s Fraud Section and as the Deputy Director of the Justice Department, Criminal Division’s Deepwater Horizon Task Force. In addition to his full-time practice, Mr. Gesser is a frequent writer and commentator on cybersecurity issues.

Mr. Leibowitz is a partner in Davis Polk’s Washington DC and New York offices. His practice focuses on the complex antitrust aspects of mergers and acquisitions as well as government and private antitrust investigations and litigation. He also provides counsel in the developing areas of consumer protection and privacy law as well as advocacy involving Congress.

Mr. MacBride is co-chair of the firm’s White Collar Criminal Defense and Government Investigations Group. His practice focuses on government enforcement actions, internal investigations, congressional investigations, and complex civil litigation. His matters have included advising clients in connection with foreign corrupt practices, economic sanctions, cybersecurity risks, False Claims Act violations, market manipulation, insider trading, and securities, health care, procurement and tax fraud. His wide-ranging investigations and trial experience span more than two decades and across all three branches of the government, most recently as the U.S. Attorney for the Eastern District of Virginia.

Mr. Perez-Marques is a partner in Davis Polk’s Litigation Department. His practice spans complex commercial litigation, including securities and M&A-related litigation, as well as securities enforcement and white collar matters. He also has extensive experience advising Spanish, Latin American and other foreign clients concerning U.S. litigation matters, and domestic clients concerning overseas and cross-border disputes.

Ms. Seshens is a partner in Davis Polk’s Litigation Department. Her practice focuses on complex commercial litigation, securities class actions, and bankruptcy litigation. She has extensive experience representing corporate clients and professional firms with respect to a wide range of civil litigation and advisory matters.

Ms. Gross is counsel in Davis Polk’s Intellectual Property and Technology Department in the Northern California office. Her practice includes a wide range of intellectual property-related matters, including strategic alliances, joint ventures and licensing, as well as intellectual property strategy and commercialization, copyright, patent and trademark matters. She also advises clients on data privacy and security matters, including cybersecurity, technology and data initiatives, development of privacy and data security policies and product development.

Disclaimer

cyberbreachcenter.com is a collection of informational products provided by Davis Polk & Wardwell LLP. In its capacity as provider of cyberbreachcenter.com and its component parts, Davis Polk is acting as an information provider.

cyberbreachcenter.com and its component parts do not constitute, and are not intended to constitute, legal advice with respect to any particular circumstance, do not create an attorney-client relationship with Davis Polk & Wardwell LLP or any of its associated entities and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances.

About Davis Polk

Davis Polk ranks among the world’s preeminent law firms. Known for our skillful work, the excellence and breadth of our practice has kept us at the forefront of matters that are shaping global business. Read More